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1 A conservative algorithm for computing the flow of permissions in Java programs 
Gleb Naumovich 

^ July 2002 ACM SIGSOFT Software Engineering Notes , Proceedings of the 2002 ACM 
SIGSOFT international symposium on Software testing and analysis ISSTA 

'02, Volume 27 Issue 4 

Publisher: ACM Press 

Full text available: |£ | pdf(540.08 KB) Additional Information: full citation , abstract , references , citings 

Open distributed systems are becoming increasingly popular. Such systems include 
components that may be obtained from a number of different sources. For example, Java 
allows run-time loading of software components residing on remote machines. One 
unfortunate side-effect of this openness is the possibility that "hostile" software 
components may compromise the security of both the program and the system on which 
it runs. Java offers a built-in security mechanism, using which programmers can give p ... 
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2 A flexible access control mechanism for CAD frameworks H 
A. J. van der Hoeven, Olav ten Bosch, Rene van Leuken, Pieter van der Wolf 
September 1994 Proceedings of the conference on European design automation 

Publisher: IEEE Computer Society Press 

Full text available: ^ pdf(704.03 KB) Additional Information: full citation , references , citings , index terms 



3 A distributed persistent object store for scalable service 0 
^ Chao Jin, Weimin Zheng, Feng Zhou, Yinghui Wu 

^ October 2002 ACM SIGOPS Operating Systems Review, volume 36 issue 4 
Publisher: ACM Press 

Full text available: g pdff1.03 MB) Additional Information: full citation , abstract , references 

This paper presents a distributed persistent object store designed to simplify scalable 
service in cluster environment. This distributed object store, called TODS (Tsinghua 
Object Data Store), presents a single-imaged, transparent persistent and object-oriented 
view of the storage devices of the whole cluster. TODS is designed to be incremental 
scalable and efficient, and also has the properties of the high concurrency, high 
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throughput and availability which are necessary for scalable service. T ... 

Policy management using access control spaces 
Trent Jaeger, Xiaolan Zhang, Fidel Cacheda 

August 2003 ACM Transactions on Information and System Security (TISSEC), Volume 6 

Issue 3 
Publisher: ACM Press 

f - 1 , . .. . , , woen cn Additional Information: full citation , abstract , references , citings , index 

Full text available: TO pdf(360.69 KB) ' ' ^ 

terms , review 

We present the concept of an access control space and investigate how it may be useful in 
managing access control policies. An access control space represents the permission 
assignment state of a subject or role. For example, the set of permissions explicitly 
assigned to a role defines its specified subspace, and the set of constraints precluding 
assignment to that role defines its prohibited subspace. In analyzing these subspaces, we 
identify two problems: (1) often a signi ... 

Keywords: Access control models, authorization mechanisms, role-based access control 



5 Extensible file system (ELFS): an object-oriented approach to high performance file 

^ John F. Karpovich, Andrew S. Grimshaw, James C. French 

October 1994 ACM SIGPLAN Notices , Proceedings of the ninth annual conference on 
Object-oriented programming systems, language, and applications 

OOPSLA '94, Volume 29 Issue 10 

Publisher: ACM Press 
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Scientific applications often manipulate very large sets of persistent data. Over the past 
decade, advances in disk storage device performance have consistently been outpaced by 
advances in the performance of the rest of the computer system. As a result, many 
scientific applications have become I/O-bound, i.e. their run-times are dominated by the 
time spent performing I/O operations. Consequently, the performance of I/O operations 
has become critical for high performance in these applicatio ... 

Certification of programs for secure information flow 

Dorothy E. Denning, Peter J. Denning 

July 1977 Communications of the ACM, volume 20 issue 1 

Publisher: ACM Press 

Full text available: ^ pdf(918.82 KB) Additional Information: full citation , abstract , references , citings 

ertification mechanism for verifying the secure flow of information through a program. 
Because it exploits the properties of a lattice structure among security classes, the 
procedure is sufficiently simple that it can easily be included in the analysis phase of most 
existing compilers. Appropriate semantics are presented and proved correct. An important 
application is the confinement problem: The mechanism can prove that a program cannot 
cause supposedly nonconfidential results to depend on conf ... 

Keywords: confinement, information flow, lattice, program certification, protection, 
security, security classes 



7 Role-based access control in Java 
M± Luigi Giuri 

>^ October 1998 Proceedings of the third 




workshop on Role-based access control 
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Access rights analysis for Java 

Larry Koved, Marco Pistoia, Aaron Kershenbaum 

November 2002 ACM SIGPLAN Notices , Proceedings of the 17th ACM SIGPLAN 

conference on Object-oriented programming, systems, languages, 
and applications OOPSLA '02, Volume 37 issue n 

Publisher: ACM Press 

Full text available- - ffi pdf(360.93 KB) Additional Information: fun citation , abstract, references , citings, index 
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Java 2 has a security architecture that protects systems from unauthorized access by 
mobile or statically configured code. The problem is in manually determining the set of 
security access rights required to execute a library or application. The commonly used 
strategy is to execute the code, note authorization failures, allocate additional access 
rights, and test again. This process iterates until the code successfully runs for the test 
cases in hand. Test cases usually do not cover all paths th ... 

Keywords: Java security, access rights, call graph, data flow analysis, invocation graph, 
security 



Security analysis: Towards a formal model for security policies specification and 

validation in the selinux system 
Giorgio Zanin, Luigi Vincenzo Mancini 

June 2004 Proceedings of the ninth ACM symposium on Access control models and 

technologies 
Publisher: ACM Press 

Full text available: |^pdf(257.36 KB) Additional Information: full citation , abstract , references , index terms 

This paper presents a formal model, called SELAC, for analyzing an arbitrary security 
policy configuration for the SELinux system. A security policy for SELinux is complex and 
large: it is made by many configuration rules that refer to the access control sub-models 
implemented in the system. Among the rules composing a security policy configuration, 
many relationships occur and it is extremely difficult to understand their overall effects in 
the system. Our aim is to define semantics for the con ... 

Keywords: configuration, formal model, security enhanced linux 



10 Role-based access control on the Web using Java 
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11 Developing and using a "policy neutral" access control policy 
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12 Declarative specialization of object-oriented programs 

Eugen N. Volanschi, Charles Counsel, Gilles Muller, Crispin Cowan 
v October 1997 ACM SIGPLAN Notices , Proceedings of the 12th ACM SIGPLAN 

conference on Object-oriented programming, systems, languages, and 
applications OOPSLA '97, volume 32 issue 10 
Publisher: ACM Press 
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Designing and implementing generic software components is encouraged by languages 
such as object-oriented ones and commonly advocated in most application areas. Generic 
software components have many advantages among which the most important is 
reusability. However, it comes at a price: genericity often incurs a loss of efficiency. This 
paper presents an approach aimed at reconciling genericity and efficiency. To do so, we 
introduce declarations to the Java language to enable a programmer to speci ... 

13 Kernel korner: filesvstem labeling in SELinux 
James Morris 

October 2004 Linux Journal, Volume 2004 issue 126 

Publisher: Specialized Systems Consultants, Inc. 

Full text available: W\ html(25.75 KB) Additional Information: full citation 



14 Conceptual modeling and metadata: Grid metadata catalog service-based OGC web Q 
registry service 

^ Peisheng Zhao, Aijun Chen, Yang Liu, Liping Di, Wenli Yang, Peichuan Li 

November 2004 Proceedings of the 12th annual ACM international workshop on 

Geographic information systems 
Publisher: ACM Press 

Full text available: | g pdf(128.43 KB) Additional Information: full citation , abstract , references , index terms 

Grid is a promising e-Science infrastructure that promotes and facilitates the sharing and 
collaboration in the use of distributed heterogeneous resources through Virtual 
Organization (VO). A critical factor to the overall utility of Grid is a scalable, flexible and 
robust registry mechanism. Although it provides some mechanisms to store and access 
metadata for publishing and discovering resources, such as MCS (Metadata Catalog 
Service), the Grid registry is inadequate for dealing with domain ... 

Keywords: OGC, OWL, catalog, grid, information model, ontology, semantic 
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^ Trent Jaeger, Antony Edwards, Xiaolan Zhang 

May 2004 ACM Transactions on Information and System Security (TISSEC), volume 7 

Issue 2 

Publisher: ACM Press 

Full text available: | £) pdf(394.54 KB) Additional Information: full citation , abstract , references , index terms 

We present a consistency analysis approach to assist the Linux community in verifying the 
correctness of authorization hook placement in the Linux Security Modules (LSM) 
framework. The LSM framework consists of a set of authorization hooks inserted into the 
Linux kernel to enable additional authorizations to be performed (e.g., for mandatory 
access control). When compared to system call interposition, authorization within the 
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kernel has both security and performance advantages, but it is more di ... 
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This paper focuses on object-oriented programming and one kind of structure-improving 
transformation (refactoring) that is unique to object-oriented programming: finding 
abstract superclasses. We decompose the operation of finding an abstract superclass into 
a set of refactoring steps, and provide examples. We discuss techniques that can 
automate or automatically support these steps. We also consider some of the conditions 
that must be satisfied to perform a refactoring safely; some ... 

17 Analysis and verification: Runtime verification of authorization hook placement for the 

linux security modules framework 
^ Antony Edwards, Trent Jaeger, Xiaolan Zhang 

November 2002 Proceedings of the 9th ACM conference on Computer and 

communications security 
Publisher: ACM Press 
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Full text available: fjfl pdf(298.39 KB) 

terms 

We present runtime tools to assist the Linux community in verifying the correctness of the 
Linux Security Modules (LSM) framework. The LSM framework consists of a set of 
authorization hooks inserted into the Linux kernel to enable additional authorizations to 
be performed (e.g., for mandatory access control). When compared to system call 
interposition, authorization within the kernel has both security and performance 
advantages, but it is more difficult to verify that placement of the LSM hooks ... 

18 Technical briefing: Music in time-based hypermedia 
jfev Jacco van Ossenbruggen, Anton Eliens 

^ September 1994 Proceedings of the 1994 ACM European conference on Hypermedia 
technology 

Publisher: ACM Press 
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May 1999 Proceedings of the 21st international conference on Software engineering 
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^ Yangjun Chen, Yibin Chen 

March 2004 Proceedings of the 2004 ACM symposium on Applied computing 
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In this paper, we propose a new index structure for object-oriented databases. The main 
idea of this is a graph structure, called a signature graph, which is constructed over a 
signature file generated for a class and improves the search of a signature file 
dramatically. In addition, the signature files (accordingly, the signature graphs) can be 
organized into a hierarchy according to the nested structure (called the aggregation 
hierarchy) of classes in an object-oriented database, which leads t ... 

Keywords: index structure, object-oriented database, signature files, signature graphs, 
system 
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